pullup:

1195.   [bug]           Attempts to redefine builtin acls should be caught.
                        [RT #2403]

CHANGES

@@ -1,5 +1,8 @@
 1196.	[contrib]	update mdnkit to 2.2.3.
 
+1195.	[bug]		Attempts to redefine builtin acls should be caught.
+			[RT #2403]
+
 1191.   [bug]           A dynamic update removing the last non-apex name in
 			a secure zone would fail. [RT #2399]
 

lib/isccfg/check.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.14.2.9 2002/02/08 03:57:46 marka Exp $ */
+/* $Id: check.c,v 1.14.2.10 2002/02/11 21:42:10 gson Exp $ */
 
 #include <config.h>
 
@@ -449,11 +449,15 @@ isc_result_t
 cfg_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
 	cfg_obj_t *options = NULL;
 	cfg_obj_t *views = NULL;
+	cfg_obj_t *acls = NULL;
 	cfg_obj_t *obj;
 	cfg_listelt_t *velement;
 	isc_result_t result = ISC_R_SUCCESS;
 	isc_result_t tresult;
 
+	static const char *builtin[] = { "localhost", "localnets",
+					 "any", "none" };
+
 	(void)cfg_map_get(config, "options", &options);
 
 	if (options != NULL &&
@@ -501,5 +505,31 @@ cfg_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
 		}
 	}
 
+        tresult = cfg_map_get(config, "acl", &acls);
+        if (tresult == ISC_R_SUCCESS) {
+		cfg_listelt_t *elt;
+		const char *aclname;
+
+		for (elt = cfg_list_first(acls);
+		     elt != NULL;
+		     elt = cfg_list_next(elt)) {
+			cfg_obj_t *acl = cfg_listelt_value(elt);
+			unsigned int i;
+
+			aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
+			for (i = 0;
+			     i < sizeof(builtin) / sizeof(builtin[0]);
+			     i++)
+				if (strcasecmp(aclname, builtin[i]) == 0) {
+					cfg_obj_log(acl, logctx, ISC_LOG_ERROR,
+						    "attempt to redefine "
+						    "builtin acl '%s'",
+				    		    aclname);
+					result = ISC_R_FAILURE;
+					break;
+				}
+		}
+	}
+
 	return (result);
 }